IoT Research of the Cyber Security group
Last Friday 5th April, the University of Southampton Research Week finished with a poster event showcasing the research activities of different groups related Internet of Thing.
The cybersecurity group brought seven posters related to different projects, where researchers and PhD students showed some of the IoT activity of the group.
Two posters were for the PETRAS BlockIT project: Dr. Nawfal Fadhel (Research Fellow) and Dr. Federico Lombardi (Lecturer) presented ETSE, an architecture which integrates blockchain and smart meter devices to enable energy trading in a smart energy neighbourhood. As a second poster on the BlockIT project, they presented a threat analysis based on semantic modelling for a paper that will be presented at the IET Living in the Internet of Things Conference next May.
The prototype of the BlockIT project has been developed and we are now simulating results with a smart meter data generator. Soon, we will integrate the prototype with real smart meter devices.
A new IoT testbed of the Cyber Security group is now ready to be used for other IoT activities and it will be beneficial for a real evaluation of security and vulnerabilities of IoT devices.
Among others, Stefano De Angelis (PhD student) presented a risk assessment methodology for IoT-based systems through the OWASP database, while Ryan Gregory (cyber intern) showed a project to create a realistic smart home dataset by injecting attacks against a network composed by IoT devices and collecting metrics related to their traffic in response to the attacks.
Max Hayman (PhD student) presented his PhD work related to IoT vulnerabilities and he showed a case studied on the Yale Smart Lock (YSL), showing how it can be easy to clone an NFC card to unlock the YSL due to a lack of encryption.
Finally, Rob Thorburn (PhD student) presented a study on privacy of IoT devices. Specifically, he showed some common architectural patterns, assessing the traffic flow and the involved parties to check which kind of data should be (or should not be) sent as a plaintext or cipher-text also to be compliant with GDPR.
The Cybersecurity group of the University of Southampton is carrying on many other projects on IoT, such firmware analysis, network fingerprinting, penetration testing, privacy and security of voice assistants and many other.
The “smart” sector is growing and the cyber group is spending a big effort in IoT research. Indeed, we are involved in PETRAS Internet of Things Research Hub, a consortium of eleven leading UK universities, which are working together since three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security of IoT. Currently, we have BlockIT as a main IoT project for PETRAS and our goal is to propose to PETRAS other innovative solutions that we are carrying on thanks to the work of our PhD students and researchers.
